[Samba] How to migrate Active Directory from one Samba4 server to another

Andrew Bartlett abartlet at samba.org
Fri Aug 17 16:44:57 MDT 2012


On Mon, 2012-08-13 at 19:56 +0200, X-Dimension at gmx.net wrote:
> -------- Original Message --------
> > Date: Mon, 13 Aug 2012 17:47:35 +1000
> > From: Andrew Bartlett <abartlet at samba.org>
> > To: X-Dimension at gmx.net
> > CC: samba at lists.samba.org
> > Subject: Re: [Samba] How to migrate Active Directory from one Samba4 server to another
> 
> > On Sat, 2012-08-11 at 22:03 +0200, X-Dimension at gmx.net wrote:
> > > Hello!
> > > 
> > > We are using a Samba4.0.0alpha19 (Resara 1.1.2) based domain controller
> > > in a small production environment and because the Resara development has
> > > ended we want to switch to a plain Samba4 beta based Ubuntu 12.04/Zentyal
> > > Server.
> > > I have installed and configured the new server with the same domain name
> > > and the same hostname as the old server.
> > > How can I export the Active Directory from the old server and import it
> > > to the new Samba4 server?
> > 
> > Something like this (untested):
> > 
> > Use a different hostname, then run 'samba-tool domain join' to join it
> > to the first domain.  Then you can use the
> > source4/scripting/bin/renamedc script to rename it back to the name of
> > the first DC, after running 'samba-tool domain demote' on it. 
> > 
> > You may need to seize FSMO roles from one DC to the other with
> > 'samba-tool domain fsmo'.
> > 
> > > Do I need to rejoin the clients to the domain, after this?
> > 
> > No.
> > 
> > Additional complications may include DNS configuration.  You may need to
> > use --dns-backend=none on the join command. 
> > 
> > This is just a series of hints to get you started.  Hopefully you can
> > work it out from here. 
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett                                http://samba.org/~abartlet/
> > Authentication Developer, Samba Team           http://samba.org
> > 
> > 
> Thank you Andrew, this was very helpful!
> Joining the new Samba4 Server to the old one replicates the Active Directory without a problem! After shutting down the old server, renaming the new server and restoring smb.conf and krb5.conf I can access the new server with RSAT now. :-)
> 
> What does not work is the dns-backend! :-(
> After the AD replication the DNS snap-in from RSAT does not work anymore.
> The join option "--dns-backend=none" is not available here (Samba4.0.0beta2 Zentyal package) 
> Is there another way to get DNS working after the replication from the old server? 
> 
> I also have another question: What does the "renamedc" script do?
> When I start it, it always tells me that there are opened transactions and so it can't run.
> Because of this I simply change the hostname in /etc/hostname/ and /etc/hosts and run hostname -F /etc/hostname. After a restart all looks good so far (but I haven't tested it very much).

If you don't rename it in the database, then it won't be able to accept
Kerberos tickets under its new name, and other bad things will happen,
particularly once you decommission the old name (particularly to do with
replication).

We may need to work out why the script fails for you (and probably
promote it to be a samba-tool command).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
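
Added example (not part of the thread and not Samba code): a check for the situation discussed above, where the OS hostname was changed but the DC's machine account in the directory still carries the join-time name. It assumes the account's sAMAccountName, dNSHostName and servicePrincipalName attributes were dumped as LDIF (for instance with ldbsearch); the sample record, the names dc-new and dc1, the domain example.test and both function names are constructed for illustration.

```python
import base64

# Constructed sample: ldbsearch-style LDIF for a DC joined as DC-NEW whose OS hostname is now dc1.
SAMPLE_LDIF = """\
# record 1
dn: CN=DC-NEW,OU=Domain Controllers,DC=example,DC=test
sAMAccountName: DC-NEW$
dNSHostName: dc-new.example.test
servicePrincipalName: HOST/DC-NEW
servicePrincipalName: HOST/dc-new.example.test
servicePrincipalName: ldap/dc-new.example.test/exam
 ple.test
"""

def parse_ldif_record(text):
    """Parse one LDIF record into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:        # folded continuation of the previous line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):    # skip blanks and "# record N" comments
            lines.append(raw)
    record = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):                # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        record.setdefault(attr.lower(), []).append(value.strip())
    return record

def rename_problems(record, joined_as, renamed_to, dns_domain):
    """Return (stale, missing): values still naming the join-time host, attributes lacking the new FQDN."""
    old = {joined_as.lower(), f"{joined_as}.{dns_domain}".lower()}
    new_fqdn = f"{renamed_to}.{dns_domain}".lower()
    stale, hosts = [], {}
    for attr in ("samaccountname", "dnshostname", "serviceprincipalname"):
        for value in record.get(attr, []):
            # SPNs are service/host[:port][/realm]; the other two attributes hold the host itself
            host = (value.split("/") + [""])[1] if attr == "serviceprincipalname" else value
            host = host.rstrip("$").split(":")[0].lower()
            hosts.setdefault(attr, set()).add(host)
            if host in old:
                stale.append(f"{attr}: {value}")
    missing = [a for a in ("dnshostname", "serviceprincipalname")
               if new_fqdn not in hosts.get(a, ())]
    return stale, missing

if __name__ == "__main__":
    print(rename_problems(parse_ldif_record(SAMPLE_LDIF), "dc-new", "dc1", "example.test"))
```

A non-empty result means the directory still identifies the DC by the name it was joined under, so service tickets requested for the new name have no matching principal.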



